Use integrated identity information to create and manage identities and control access to enterprise resources. We provide identity and access management, single sign–on (SSO), access governance, and more.

Detect and respond to all potential threats quickly and decisively. By monitoring user activities, security events, and critical systems, we provide actionable security intelligence to reduce the risk of data breach.

Get affordable, high-performance disaster recovery. We protect your workloads and help you meet or exceed RPOs and RTOs of an hour or less, with mirroring-like performance at a price point approaching tape.

Resolving Sentinel’s Certificate Constraint Issue

Some of you may have struck the Certificates does not conform to algorithm constraints issue with Sentinel and been a bit confused by the original response of “A proper resolution is to use custom certificates on the logging applications that use strong encryption (key sizes of 1024 or more). Once all applications have been updated, the restriction can be put back in place.” as stated in TID 7014219.

When it comes to eDirectory, Identity Manager, iManager, and Access Manager, the default certificate is actually buried in the Platform Agent (PA) binaries that are distributed by each product, so requires patching from engineering to rectify.

Fixes are now available (most of the bugs are restricted to Attachmate employees, so you may get a “You are not authorized to access bug #xxxxxx” message if you try to view them).

Identity Manager Bug 859236 is recently resolved and is available in the upcoming v4.5 release. If you run the current v4.0.2 release, you need to raise a Service Request to gain the patch from this bug (remember to reference the bug number in your SR).

When patching, make sure the lcache process is stopped when patching eDirectory and Identity Manager (doesn’t stop with eDirectory):

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.